Xavier Stevens
Ricercatore della sicurezza, Fastly
Xavier Stevens è Staff sicurezza Researcher presso Fastly, con un focus su ricerca sulle minacce, rilevamento, engineering e innovazione di prodotto.
-
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
-
Network Effect Threat Report: Uncovering the power of collective threat intelligence
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023
-
CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
-
What is TLS Fingerprinting?| Fastly
TLS fingerprinting has become a prevalent tool to help security defenders identify what clients are talking to their server infrastructure.
-
Threat hunting network callbacks in WAF data
Threat hunting is the practice of looking for active attackers who have possibly penetrated security boundaries within an organization. WAF data can be a valuable resource in threat hunting for network callbacks. Here’s how.
-
Spring: CVE-2022-22963 & Spring4Shell (CVE-2022-22965) | Fastly
In this post, we review details for two RCE vulnerabilities impacting Spring Cloud and Spring Framework, including how Fastly customers can protect themselves from this vulnerability.
-
Log4Shell attacks (CVE-2021-44228) insights | Fastly
We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the situation. We also share our guidance around testing your environment against many of the new obfuscation methods that have been seen.
-
Il framework di efficacia WAF misura l’efficacia del WAF | Fastly
Il nostro nuovo framework di efficacia WAF fornisce un modo standardizzato per misurare l’efficacia delle capacità di rilevamento di un web application firewall attraverso verifica e convalida continue. Ecco come funziona.
-
Log4Shell exploit found in Log4j | Fastly
CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.
-
Atlassian Confluence OGNL Injection Vulnerability Protection | Fastly
Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-2021-26084.
-
Next-Gen WAF for Microsoft Exchange | Fastly
Fastly’s security research team has built and deployed a rule to protect Signal Sciences Next-Gen WAF customers against the recently announced Microsoft Exchange Server vulnerabilities.